{"id":3604,"date":"2017-09-15T21:20:19","date_gmt":"2017-09-15T13:20:19","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=3604"},"modified":"2017-09-15T21:20:19","modified_gmt":"2017-09-15T13:20:19","slug":"cissp%e8%80%83%e8%af%95%e5%a4%a7%e7%ba%b2%e6%95%b4%e7%90%86","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/3604.html","title":{"rendered":"CISSP\u8003\u8bd5\u5927\u7eb2\u6574\u7406"},"content":{"rendered":"<p>=Start=<\/p>\n<h4 id=\"id-\u6a21\u677f-\u7f18\u7531\uff1a\">\u7f18\u7531\uff1a<\/h4>\n<p>\u51c6\u5907\u62a5\u8003CISSP\uff0c\u6240\u4ee5\u5148\u770b\u770b\u5176\u8003\u8bd5\u5927\u7eb2\uff0c\u4ee5\u4fbf\u540e\u671f\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u4e00\u4e0b\uff08\u5c24\u5176\u662f\u81ea\u5df1\u4e0d\u719f\u6089\u7684\u77e5\u8bc6\u70b9\uff09\u3002\u6839\u636e\u8003\u8bd5\u7684\u5177\u4f53\u6743\u91cd\uff0c\u5ba1\u89c6\u81ea\u5df1\u5728\u4e0d\u540c\u9886\u57df\u7684\u5f3a\u5f31\uff0c\u4ece\u800c\u5236\u5b9a\u76f8\u5e94\u7684\u5b66\u4e60\u8ba1\u5212\u3002<\/p>\n<h4 id=\"id-\u6a21\u677f-\u6b63\u6587\uff1a\">\u6b63\u6587\uff1a<\/h4>\n<h5 id=\"id-\u6a21\u677f-\u53c2\u8003\u89e3\u7b54\uff1a\">\u53c2\u8003\u89e3\u7b54\uff1a<\/h5>\n<div class=\"page\" title=\"Page 6\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>CISSP \u8003\u8bd5\u9886\u57df\u53ca\u52a0\u6743\u8be6\u60c5(\u751f\u6548\u65e5\u671f\uff1a2015\u5e744\u670815\u65e5)\uff1a<\/p>\n<\/div>\n<\/div>\n<table>\n<colgroup>\n<col \/>\n<col \/> <\/colgroup>\n<tbody>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>\u77e5\u8bc6\u9886\u57df<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>\u52a0\u6743\u767e\u5206\u6bd4<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>1. <strong>\u5b89\u5168\u4e0e\u98ce\u9669\u7ba1\u7406<\/strong><\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>16%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>2. \u8d44\u4ea7\u5b89\u5168<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>10%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>3. \u5b89\u5168\u5de5\u7a0b<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>12%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>4. \u901a\u4fe1\u4e0e\u7f51\u7edc\u5b89\u5168<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>12%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>5. \u8eab\u4efd\u4e0e\u8bbf\u95ee\u7ba1\u7406<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>13%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>6. \u5b89\u5168\u8bc4\u4f30\u4e0e\u6d4b\u8bd5<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>11%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>7. <strong>\u5b89\u5168\u8fd0\u8425<\/strong><\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>16%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>8. \u8f6f\u4ef6\u5f00\u53d1\u5b89\u5168<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>10%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>\u603b\u8ba1<\/p>\n<\/div>\n<\/div>\n<\/td>\n<td>\n<div class=\"layoutArea\">\n<div class=\"column\">\n<p>100%<\/p>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>==<\/p>\n<h5><span style=\"color: #ff0000;\">1\u3001 Security and Risk Management \uff08\u5b89\u5168\u4e0e\u98ce\u9669\u7ba1\u7406(\u4f8b\u5982\uff0c\u5b89\u5168\u3001\u98ce\u9669\u3001\u5408\u89c4\u3001\u6cd5\u5f8b\u3001\u6cd5 \u89c4\u3001\u4e1a\u52a1\u8fde\u7eed\u6027)\uff09<\/span><\/h5>\n<ol>\n<li>Understand and apply concepts of con dentiality, integrity and availability \uff08\u7406\u89e3\u5e76\u5e94\u7528\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u7684\u6982\u5ff5\uff09<\/li>\n<li>Apply security governance principles through: \uff08\u5e94\u7528\u5b89\u5168\u6cbb\u7406\u539f\u5219\uff09<\/li>\n<li><strong>Compliance<\/strong> \uff08\u5408\u89c4\uff09<\/li>\n<li>Understand legal and regulatory issues that pertain to information security in a global context \uff08\u5728\u5168\u7403\u5316\u80cc\u666f\u4e0b\u7406\u89e3\u4e0e\u4fe1\u606f\u5b89\u5168\u76f8\u5173\u7684\u6cd5\u5f8b\u548c\u6cd5\u89c4\u95ee\u9898\uff09<\/li>\n<li>Understand professional ethics \uff08\u7406\u89e3\u804c\u4e1a\u9053\u5fb7\uff09<\/li>\n<li>Develop and implement documented security policy, standards, procedures, and guidelines \uff08\u5236\u5b9a\u5e76\u5b9e\u65bd\u6587\u6863\u5316\u7684\u5b89\u5168\u7b56\u7565\u3001\u6807\u51c6\u3001\u7a0b\u5e8f\u548c\u65b9\u9488\uff09<\/li>\n<li>Understand business continuity requirements \uff08\u7406\u89e3\u4e1a\u52a1\u8fde\u7eed\u6027\u8981\u6c42\uff09<\/li>\n<li>Contribute to personnel security policies \uff08\u4fc3\u8fdb\u4eba\u5458\u5b89\u5168\u7b56\u7565\uff09<\/li>\n<li>Understand and apply risk management concepts \uff08\u7406\u89e3\u4e0e\u5e94\u7528\u98ce\u9669\u7ba1\u7406\u7684\u6982\u5ff5\uff09<\/li>\n<li>Understand and apply threat modeling \uff08\u7406\u89e3\u4e0e\u8fd0\u7528\u5a01\u80c1\u5efa\u6a21\uff09<\/li>\n<li>Integrate security risk considerations into acquisition strategy and practice \uff08\u6574\u5408\u5b89\u5168\u98ce\u9669\u8003\u91cf\u81f3\u91c7\u8d2d\u7b56\u7565\u4e0e\u5b9e\u8df5\u4e2d\uff09<\/li>\n<li>Establish and manage information security education, training, and awareness \uff08\u5efa\u8bae\u5e76\u7ba1\u7406\u4fe1\u606f\u5b89\u5168\u6559\u80b2\u3001\u5b89\u5168\u57f9\u8bad\u4e0e\u5b89\u5168\u610f\u8bc6\uff09<\/li>\n<\/ol>\n<h5>2\u3001 Asset Security \uff08\u8d44\u4ea7\u5b89\u5168(\u4fdd\u62a4\u8d44\u4ea7\u7684\u5b89\u5168)\uff09<\/h5>\n<ol>\n<li>Classify information and supporting assets (e.g., sensitivity, criticality) \uff08\u4fe1\u606f\u4e0e\u652f\u6301\u8d44\u4ea7\u7684\u5206\u7c7b(\u4f8b\u5982:\u654f\u611f\u6027\u3001\u5173\u952e\u6027)\uff09<\/li>\n<li>Determine and maintain ownership (e.g., data owners, system owners, business\/mission owners) \uff08\u786e\u5b9a\u5e76\u7ef4\u62a4\u6240\u6709\u6743(\u4f8b\u5982:\u6570\u636e\u6240\u6709\u8005\u3001\u7cfb\u7edf\u6240\u6709\u8005\u3001\u4e1a\u52a1\/\u4f7f\u547d\u6240\u6709\u8005)\uff09<\/li>\n<li>Protect privacy \uff08\u4fdd\u62a4\u9690\u79c1\uff09<\/li>\n<li>Ensure appropriate retention (e.g., media, hardware, personnel) \uff08\u786e\u4fdd\u9002\u5f53\u7684\u6570\u636e\u4fdd\u7559(\u4f8b\u5982:\u4ecb\u8d28\u3001\u786c\u4ef6\u3001\u4eba\u5458)\uff09<\/li>\n<li>Determine data security controls (e.g., data at rest, data in transit) \uff08\u786e\u5b9a\u6570\u636e\u5b89\u5168\u63a7\u5236\u63aa\u65bd(\u4f8b\u5982:\u9759\u6001\u6570\u636e\u3001\u4f20\u8f93\u4e2d\u6570\u636e)\uff09<\/li>\n<li>Establish handling requirements (markings, labels, storage, destruction of sensitive information) \uff08\u5efa\u7acb\u5904\u7406\u8981\u6c42(\u4f8b\u5982:\u654f\u611f\u4fe1\u606f\u7684\u6807\u793a\u3001\u6807\u8bb0\u3001\u5b58\u50a8\u548c\u9500\u6bc1)\uff09<\/li>\n<\/ol>\n<h5><span style=\"color: #0000ff;\">3\u3001 Security Engineering \uff08\u5b89\u5168\u5de5\u7a0b(\u5b89\u5168\u5de5\u7a0b\u4e0e\u7ba1\u7406)\uff09<\/span><\/h5>\n<ol>\n<li>Implement and manage engineering processes using secure design principles \uff08\u5229\u7528\u5b89\u5168\u8bbe\u8ba1\u539f\u5219\u5b9e\u65bd\u548c\u7ba1\u7406\u5de5\u7a0b\u8fc7\u7a0b\uff09<\/li>\n<li>Understand the fundamental concepts of security models (e.g., Condentiality, Integrity, and Multi-level Models) \uff08\u7406\u89e3\u5b89\u5168\u6a21\u578b\u7684\u57fa\u7840\u6982\u5ff5(\u4f8b\u5982:\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u591a\u5c42\u6a21\u578b)\uff09<\/li>\n<li>Select controls and countermeasures based upon systems security evaluation models \uff08\u57fa\u4e8e\u7cfb\u7edf\u5b89\u5168\u8bc4\u4f30\u6a21\u578b\u9009\u62e9\u63a7\u5236\u63aa\u65bd\u548c\u5bf9\u7b56\uff09<\/li>\n<li>Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance) \uff08\u7406\u89e3\u4fe1\u606f\u7cfb\u7edf\u7684\u5b89\u5168\u80fd\u529b (\u4f8b\u5982:\u5b58\u50a8\u4fdd\u62a4\u3001\u865a\u62df\u5316\u3001\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\u3001\u63a5\u53e3\u3001\u5bb9\u9519)\uff09<\/li>\n<li>Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements \uff08\u8bc4\u4f30\u4e0e\u7f13\u89e3\u5b89\u5168\u67b6\u6784\u3001\u8bbe\u8ba1\u548c\u89e3\u51b3\u65b9\u6848\u8981\u7d20\u7684\u8106\u5f31\u6027\uff09<\/li>\n<li>Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP) \uff08\u8bc4\u4f30\u548c\u7f13\u89e3\u57fa\u4e8eWeb\u7cfb\u7edf\u7684\u8106\u5f31\u6027\uff09<\/li>\n<li>Assess and mitigate vulnerabilities in mobile systems \uff08\u8bc4\u4f30\u548c\u51cf\u7f13\u79fb\u52a8\u7cfb\u7edf\u7684\u8106\u5f31\u6027\uff09<\/li>\n<li>Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of things (IoT)) \uff08\u8bc4\u4f30\u548c\u51cf\u7f13\u5d4c\u5165\u5f0f\u8bbe\u5907\u548c\u7f51\u7edc\u7269\u7406\u7cfb\u7edf\u7684\u8106\u5f31\u6027(\u4f8b\u5982:\u53ef\u542f\u7528\u7f51\u7edc\u8bbe\u5907\u3001\u7269\u8054\u7f51(IoT))\uff09<\/li>\n<li>Apply cryptography \uff08\u5e94\u7528\u5bc6\u7801\u5b66\uff09<\/li>\n<li>Apply secure principles to site and facility design \uff08\u5e94\u7528\u5b89\u5168\u539f\u5219\u4e8e\u573a\u5730\u4e0e\u8bbe\u65bd\u8bbe\u8ba1\uff09<\/li>\n<li>Design and implement physical security \uff08\u8bbe\u8ba1\u548c\u5b9e\u65bd\u7269\u7406\u5b89\u5168\uff09<\/li>\n<\/ol>\n<h5>4\u3001 Communications and Network Security \uff08\u901a\u4fe1\u4e0e\u7f51\u7edc\u5b89\u5168(\u8bbe\u8ba1\u53ca\u4fdd\u62a4\u7f51\u7edc\u5b89\u5168)\uff09<\/h5>\n<ol>\n<li>Apply secure design principles to network architecture (e.g., IP &amp; non-IP protocols, segmentation) \uff08\u5e94\u7528\u5b89\u5168\u8bbe\u8ba1\u539f\u5219\u4e8e\u7f51\u7edc\u67b6\u6784(\u4f8b\u5982:IP \u534f\u8bae\u4e0e\u975e IP \u534f\u8bae\uff0c\u7f51\u7edc\u5206\u6bb5)\uff09<\/li>\n<li>Secure network components \uff08\u4fdd\u62a4\u7f51\u7edc\u7ec4\u4ef6\u5b89\u5168\uff09<\/li>\n<li>Design and establish secure communication channels \uff08\u8bbe\u8ba1\u4e0e\u5efa\u7acb\u5b89\u5168\u901a\u4fe1\u4fe1\u9053\uff09<\/li>\n<li>Prevent or mitigate network attacks \uff08\u9884\u9632\u548c\u51cf\u7f13\u7f51\u7edc\u653b\u51fb\uff09<\/li>\n<\/ol>\n<h5>5\u3001 Identity and Access Management \uff08\u8eab\u4efd\u4e0e\u8bbf\u95ee\u7ba1\u7406(\u8bbf\u95ee\u63a7\u5236\u4e0e\u8eab\u4efd\u7ba1\u7406)\uff09<\/h5>\n<ol>\n<li>Control physical and logical access to assets \uff08\u63a7\u5236\u8d44\u4ea7\u7684\u7269\u7406\u4e0e\u903b\u8f91\u8bbf\u95ee\uff09<\/li>\n<li>Manage identification and authentication of people and devices \uff08\u7ba1\u7406\u4eba\u5458\u4e0e\u8bbe\u5907\u7684\u8eab\u4efd\u548c\u9a8c\u8bc1\uff09<\/li>\n<li>Integrate identity as a service (e.g., cloud identity) \uff08\u6574\u5408\u8eab\u4efd\u5373\u670d\u52a1(\u4f8b\u5982:\u4e91\u8eab\u4efd)\uff09<\/li>\n<li>Integrate third-party identity services (e.g., on-premise) \uff08\u6574\u5408\u7b2c\u4e09\u65b9\u8eab\u4efd\u670d\u52a1(\u4f8b\u5982:\u5185\u90e8\u90e8\u7f72)\uff09<\/li>\n<li>Implement and manage authorization mechanisms \uff08\u5b9e\u65bd\u548c\u7ba1\u7406\u6388\u6743\u673a\u5236\uff09<\/li>\n<li>Prevent or mitigate access control attacks \uff08\u9884\u9632\u4e0e\u51cf\u7f13\u8bbf\u95ee\u63a7\u5236\u653b\u51fb\uff09<\/li>\n<li>Manage the identity and access provisioning lifecycle (e.g., provisioning, review) \uff08\u7ba1\u7406\u8eab\u4efd\u4e0e\u8bbf\u95ee\u4f9b\u7ed9\u751f\u547d\u5468\u671f(\u4f8b\u5982:\u4f9b\u7ed9\u3001\u5ba1\u67e5)\uff09<\/li>\n<\/ol>\n<h5>6\u3001 Security Assessment and Testing \uff08\u5b89\u5168\u8bc4\u4f30\u4e0e\u6d4b\u8bd5(\u8bbe\u8ba1\u3001\u6267\u884c\u4e0e\u5206\u6790\u5b89\u5168\u6d4b\u8bd5)\uff09<\/h5>\n<ol>\n<li>Design and validate assessment and test strategies \uff08\u8bbe\u8ba1\u548c\u9a8c\u8bc1\u8bc4\u4f30\u4e0e\u6d4b\u8bd5\u7b56\u7565\uff09<\/li>\n<li>Conduct security control testing \uff08\u6267\u884c\u5b89\u5168\u63a7\u5236\u6d4b\u8bd5\uff09<\/li>\n<li>Collect security process data (e.g., management and operational controls) \uff08\u6536\u96c6\u5b89\u5168\u8fc7\u7a0b\u6570\u636e(\u4f8b\u5982:\u7ba1\u7406\u548c\u8fd0\u8425\u63a7\u5236\u63aa\u65bd)\uff09<\/li>\n<li>Analyze and report test outputs (e.g., automated, manual) \uff08\u5206\u6790\u4e0e\u62a5\u544a\u6d4b\u8bd5\u7ed3\u679c(\u4f8b\u5982:\u81ea\u52a8\u3001\u624b\u52a8)\uff09<\/li>\n<li>Conduct or facilitate internal and third party audits \uff08\u5f00\u5c55\u6216\u4fc3\u8fdb\u5185\u90e8\u548c\u7b2c\u4e09\u65b9\u5ba1\u8ba1\uff09<\/li>\n<\/ol>\n<h5><span style=\"color: #ff0000;\">7\u3001 Security Operations \uff08\u5b89\u5168\u8fd0\u8425(\u4f8b\u5982:\u57fa\u7840\u6982\u5ff5\u3001\u8c03\u67e5\u3001\u4e8b\u4ef6\u7ba1\u7406\u3001\u707e\u96be\u6062\u590d)\uff09<\/span><\/h5>\n<ol>\n<li>Understand and support investigations \uff08\u7406\u89e3\u4e0e\u652f\u6301\u8c03\u67e5\uff09<\/li>\n<li>Understand requirements for investigation types \uff08\u7406\u89e3\u8c03\u67e5\u7c7b\u578b\u7684\u8981\u6c42\uff09<\/li>\n<li>Conduct logging and monitoring activities \uff08\u5b9e\u65bd\u65e5\u5fd7\u548c\u76d1\u6d4b\u6d3b\u52a8\uff09<\/li>\n<li>Secure the provisioning of resources \uff08\u4fdd\u62a4\u8d44\u6e90\u7684\u4f9b\u7ed9\u5b89\u5168\uff09<\/li>\n<li>Understand and apply foundational security operations concepts \uff08\u7406\u89e3\u4e0e\u5e94\u7528\u5b89\u5168\u8fd0\u8425\u7684\u57fa\u7840\u6982\u5ff5\uff09<\/li>\n<li>Employ resource protection techniques \uff08\u5229\u7528\u8d44\u6e90\u4fdd\u62a4\u6280\u672f\uff09<\/li>\n<li>Conduct incident management \uff08\u5f00\u5c55\u4e8b\u4ef6\u7ba1\u7406\uff09<\/li>\n<li>Operate and maintain preventative measures \uff08\u64cd\u4f5c\u548c\u7ef4\u62a4\u9884\u9632\u63aa\u65bd\uff09<\/li>\n<li>Implement and support patch and vulnerability management \uff08\u5b9e\u65bd\u548c\u652f\u6301\u8865\u4e01\u4e0e\u6f0f\u6d1e\u7ba1\u7406\uff09<\/li>\n<li>Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis) \uff08\u53c2\u4e0e\u548c\u7406\u89e3\u53d8\u66f4\u7ba1\u7406\u6d41\u7a0b(\u4f8b\u5982:\u7248\u672c\u63a7\u5236\u3001\u57fa\u7ebf\u5316\u3001\u5b89\u5168\u6027\u5f71\u54cd\u5206\u6790)\uff09<\/li>\n<li>Implement recovery strategies \uff08\u5b9e\u65bd\u6062\u590d\u7b56\u7565\uff09<\/li>\n<li>Implement disaster recovery processes \uff08\u5b9e\u65bd\u707e\u96be\u6062\u590d\u6d41\u7a0b\uff09<\/li>\n<li>Test disaster recovery plans \uff08\u6d4b\u8bd5\u707e\u96be\u6062\u590d\u8ba1\u5212\uff09<\/li>\n<li>Participate in business continuity planning and exercises \uff08\u53c2\u4e0e\u4e1a\u52a1\u8fde\u7eed\u6027\u8ba1\u5212\u548c\u6f14\u7ec3\uff09<\/li>\n<li>Implement and manage physical security \uff08\u5b9e\u65bd\u548c\u7ba1\u7406\u7269\u7406\u5b89\u5168\uff09<\/li>\n<li>Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring) \uff08\u53c2\u4e0e\u89e3\u51b3\u4eba\u5458\u5b89\u5168\u95ee\u9898(\u4f8b\u5982\u80c1\u8feb\u3001\u65c5\u884c\u3001\u76d1\u63a7)\uff09<\/li>\n<\/ol>\n<h5>8\u3001 Software Development Security \uff08\u8f6f\u4ef6\u5f00\u53d1\u5b89\u5168(\u7406\u89e3\u3001\u5e94\u7528\u4e0e\u6267\u884c\u8f6f\u4ef6\u5b89\u5168)\uff09<\/h5>\n<ol>\n<li>Understand and apply security in the software development lifecycle \uff08\u7406\u89e3\u5b89\u5168\u5e76\u5c06\u5176\u5e94\u7528\u4e8e\u8f6f\u4ef6\u5f00\u53d1\u751f\u547d\u5468\u671f\uff09<\/li>\n<li>Enforce security controls in development environments \uff08\u5728\u5f00\u53d1\u73af\u5883\u4e2d\u6267\u884c\u5b89\u5168\u63a7\u5236\uff09<\/li>\n<li>Assess the effectiveness of software security \uff08\u8bc4\u4f30\u8f6f\u4ef6\u5b89\u5168\u7684\u6709\u6548\u6027\uff09<\/li>\n<li>Assess security impact of acquired software \uff08\u8bc4\u4f30\u91c7\u8d2d\u8f6f\u4ef6\u7684\u5b89\u5168\u5f71\u54cd\uff09<\/li>\n<\/ol>\n<p>==<\/p>\n<h5 id=\"id-\u6a21\u677f-\u53c2\u8003\u94fe\u63a5\uff1a\">\u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n<ul>\n<li><a href=\"https:\/\/downloads.isc2.org\/exam-outlines\/CISSP-Exam-Outline.pdf\" target=\"_blank\" rel=\"noopener\">https:\/\/downloads.isc2.org\/exam-outlines\/CISSP-Exam-Outline.pdf<\/a><\/li>\n<li><a href=\"https:\/\/downloads.isc2.org\/exam-outlines\/CISSP-Exam-Outline-Chinese-8-Domain.pdf\" target=\"_blank\" rel=\"noopener\">https:\/\/downloads.isc2.org\/exam-outlines\/CISSP-Exam-Outline-Chinese-8-Domain.pdf<\/a><\/li>\n<\/ul>\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= \u7f18\u7531\uff1a \u51c6\u5907\u62a5\u8003CISSP\uff0c\u6240\u4ee5\u5148\u770b\u770b\u5176\u8003\u8bd5\u5927\u7eb2\uff0c\u4ee5\u4fbf\u540e\u671f\u6709\u9488\u5bf9\u6027\u7684\u5b66\u4e60\u4e00\u4e0b\uff08\u5c24\u5176\u662f\u81ea\u5df1\u4e0d\u719f\u6089 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,25],"tags":[944,945,37],"class_list":["post-3604","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-security","tag-cissp","tag-outline","tag-security"],"views":10460,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=3604"}],"version-history":[{"count":2,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3604\/revisions"}],"predecessor-version":[{"id":3609,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3604\/revisions\/3609"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=3604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=3604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=3604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}